[tip: x86/asm] x86/bpf: Fix BPF percpu accesses
From: tip-bot2 for Brian Gerst
Date: Thu Feb 27 2025 - 15:21:38 EST
The following commit has been merged into the x86/asm branch of tip:
Commit-ID: 18cdd90aba794333f4c6dce39f5c3fe642af5575
Gitweb: https://git.kernel.org/tip/18cdd90aba794333f4c6dce39f5c3fe642af5575
Author: Brian Gerst <brgerst@xxxxxxxxx>
AuthorDate: Thu, 27 Feb 2025 14:53:02 -05:00
Committer: Ingo Molnar <mingo@xxxxxxxxxx>
CommitterDate: Thu, 27 Feb 2025 21:10:03 +01:00
x86/bpf: Fix BPF percpu accesses
Due to this recent commit in the x86 tree:
9d7de2aa8b41 ("Use relative percpu offsets")
percpu addresses went from positive offsets from the GSBASE to negative
kernel virtual addresses. The BPF verifier has an optimization for
x86-64 that loads the address of cpu_number into a register, but was only
doing a 32-bit load which truncates negative addresses.
Change it to a 64-bit load so that the address is properly sign-extended.
Fixes: 9d7de2aa8b41 ("Use relative percpu offsets")
Signed-off-by: Brian Gerst <brgerst@xxxxxxxxx>
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Alexei Starovoitov <ast@xxxxxxxxxx>
Cc: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Cc: Uros Bizjak <ubizjak@xxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20250227195302.1667654-1-brgerst@xxxxxxxxx
---
kernel/bpf/verifier.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 9971c03..f74263b 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -21692,7 +21692,7 @@ patch_map_ops_generic:
* way, it's fine to back out this inlining logic
*/
#ifdef CONFIG_SMP
- insn_buf[0] = BPF_MOV32_IMM(BPF_REG_0, (u32)(unsigned long)&pcpu_hot.cpu_number);
+ insn_buf[0] = BPF_MOV64_IMM(BPF_REG_0, (u32)(unsigned long)&pcpu_hot.cpu_number);
insn_buf[1] = BPF_MOV64_PERCPU_REG(BPF_REG_0, BPF_REG_0);
insn_buf[2] = BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, 0);
cnt = 3;